Publications
Withdrawn on February 08, 2005.
Guideline on User Authentication Techniques for Computer Network Access Control
Documentation
Topics
Date Published: September 29, 1980
Planning Note (2/8/2005):
The withdrawal of this FIPS was announced in the Federal Register.
Author(s)
National Bureau of Standards
This Guideline provides information and guidance to Federal agencies on techniques and practices which can be used to control access to computer resources via remote terminals and networks. A variety of methods are described for verifying the identity of persons using remote terminals, as a safeguard against unauthorized usage. This Guideline discusses the three basic ways which may serve as a basis for verifying a person's identity: something the person KNOWS, such as a password; something the person HAS, such as a key or access card; or something ABOUT the person, such as fingerprints, signature, voice, or other personal attribute. The ability to automatically verify a person's identity via a unique personal attribute offers the prospect of greater security, and equipment for accomplishing this is beginning to emerge. There are several promising laboratory developments, although such equipment has not yet been interfaced to computer terminals to any great extent. In view of the present dependence on authentication techniques other than personal attributes, this Guideline provides advice on the effective use of passwords. This Guideline also discusses a variety of cards and badges with various forms of machine-readable coding that may be used for access control. In order to protect information used for identity verification, encryption is recommended.
This Guideline provides information and guidance to Federal agencies on techniques and practices which can be used to control access to computer resources via remote terminals and networks. A variety of methods are described for verifying the identity of persons using remote terminals, as a...
See full abstract
This Guideline provides information and guidance to Federal agencies on techniques and practices which can be used to control access to computer resources via remote terminals and networks. A variety of methods are described for verifying the identity of persons using remote terminals, as a safeguard against unauthorized usage. This Guideline discusses the three basic ways which may serve as a basis for verifying a person's identity: something the person KNOWS, such as a password; something the person HAS, such as a key or access card; or something ABOUT the person, such as fingerprints, signature, voice, or other personal attribute. The ability to automatically verify a person's identity via a unique personal attribute offers the prospect of greater security, and equipment for accomplishing this is beginning to emerge. There are several promising laboratory developments, although such equipment has not yet been interfaced to computer terminals to any great extent. In view of the present dependence on authentication techniques other than personal attributes, this Guideline provides advice on the effective use of passwords. This Guideline also discusses a variety of cards and badges with various forms of machine-readable coding that may be used for access control. In order to protect information used for identity verification, encryption is recommended.
Hide full abstract
Keywords
access control; authentication; authorization; computer network; computer security; encryption; Federal Information Processing Standards Publication; identification token; identity verification; password; personal attribute; personal identification
Control Families
None selected